Security News

A new Monero cryptojacking malware distributed via "Cracked" versions of popular online games is wiping out antivirus programs and surreptitiously mining cryptocurrency in more than a dozen countries, researchers have found. Dubbed "Crackonosh," the malware - which has been active since June 2018 - lurks in pirated versions of Grand Theft Auto V, NBA 2K19 and Pro Evolution Soccer 2018 that gamers can download free in forums, according to a report posted online Thursday by researchers at Avast.

At the latest Group of Seven summit, held June 11-13 in the UK, Western leaders called on Russia to take action against those who conduct ransomware attacks and other cybercrimes from within its borders. In a communiqué issued after the conclusion of the summit, G7 countries vowed to work together to "Further a common understanding of how existing international law applies to cyberspace" and collaborate to "Urgently address the escalating shared threat from criminal ransomware networks."

As more private data is stored and shared digitally, researchers are exploring new ways to protect data against attacks from bad actors. Current silicon technology exploits microscopic differences between computing components to create secure keys, but AI techniques can be used to predict these keys and gain access to data.

The United States' Department of Defense has opened up all of its publicly facing systems and apps to investigation under a bug bounty program. The bug bounty system had only been aimed at websites but now Kristopher Johnson, director of its Vulnerability Disclosure Program, has said "Websites were only the beginning as they account for a fraction of our overall attack surface" and urged the infosec community to take a wider view.

A duo in China has been accused of tricking a government-run identity verification system to create fake invoices. According to state-controlled outlet Xinhua, the suspects tricked the State Taxation Administration platform's identity verification system by manipulating high-def photos with a widely available app that turns photos into videos.

Brewing company Molson Coors acknowledged on Thursday that it has "Experienced a systems outage that was caused by a cybersecurity incident," according to a Form 8-K filed with the SEC. The company did not say which type of attack has caused widespread issues across its entire business - including its brewery operations, production and shipments - but given recent major attacks on other mainstream companies, security experts are speculating that it could have been a ransomware attack. "High-profile attacks are becoming all too common, as attackers have realized they are immensely more profitable when they target large organizations and disrupt their critical business operations - in this case, the brewing operations of the world's biggest, well-known beer brands," observed Edgard Capdevielle, CEO at Nozomi Networks, in an email to Threatpost.

A series of police raids in Belgium have resulted in the apparent shutdown of the Sky ECC encrypted mobile phone network. As the second major encrypted phone network to be shut down by police in Europe, Sky ECC's seeming downfall has parallels with the Encrochat story, where French and Dutch police man-in-the-middle'd the encrypted phone network on suspicion it was being used mainly by organised criminals.

Apple says it will roll out a new privacy control in the spring to prevent iPhone apps from secretly shadowing people. Although Apple didn't provide a specific date, the general timetable disclosed Thursday means a long-awaited feature known as App Tracking Transparency will be part of an iPhone software update likely to arrive in late March or some point in April.

Mozilla this week announced further improvements to user privacy in Firefox, through the isolation of network connections and caches, thus essentially cracking down on supercookies. Specifically, Firefox 85 is arriving with an updated network architecture, where network connections and caches are isolated to the website being visited.

A remote team of three hobbyist cryptologists have solved one of the Zodiac Killer's cipher after a half century. The 340 Cipher, named after its 340 characters, was trickier to figure out - until this week, almost 50 years later, when an unlikely team of cryptographers broke the code.